US-11405423

Metadata-based data loss prevention (DLP) for cloud resources

Published: August 2, 2022
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have

Technical Abstract

The technology disclosed proposes a metadata-based solution to prevent malicious data egress resulting from resource-level transactions. In advance of the data egress requests, the technology disclosed crawls an organization's accounts on different cloud storage services and makes a resource list of different cloud-based resources configured under the organization's accounts. The resource list is then stored in a metadata store. When an inline proxy receives a resource-level transaction that is requesting to move a cloud-based resource outside the organization's account, the proxy looks up the metadata store and determines whether the resource-level transaction is attempting to manipulate any of the cloud-based resources listed in the resource list. If so, then the proxy blocks the resource-level transaction.
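
The lookup the abstract describes, as an added Python example (not code from the patent or from Patentable): request URLs are normalized to a provider and resource name, checked against the crawled resource list, and blocked when the transaction targets an account outside the organization. The transaction fields (`url`, `target_account`), the account ID and the resource names are constructed assumptions, and the URL patterns cover only common AWS S3, Azure Blob and GCP endpoint forms.

```python
from urllib.parse import urlsplit

# Constructed sample data standing in for the crawler's output.
ORG_ACCOUNTS = {"111111111111"}            # accounts the organization owns
RESOURCE_LIST = {                          # metadata store contents
    ("aws", "acme-finance-reports"),
    ("azure", "acmestorage/payroll"),
    ("gcp", "acme-ml-datasets"),
}


def resource_from_url(url):
    """Normalize a storage request URL to (provider, resource), or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    segs = [s for s in parts.path.split("/") if s]
    first = segs[0] if segs else None
    if host.endswith(".amazonaws.com"):
        idx = next((i for i, l in enumerate(labels)
                    if l == "s3" or l.startswith("s3-")), None)
        if idx is None:
            return None                    # not an S3 endpoint
        if idx == 0:                       # path-style: s3.<region>.amazonaws.com/<bucket>
            return ("aws", first) if first else None
        return ("aws", ".".join(labels[:idx]))   # virtual-hosted style
    if host.endswith(".blob.core.windows.net"):  # <account>.blob.core.windows.net/<container>
        return ("azure", f"{labels[0]}/{first}") if first else None
    if host == "storage.googleapis.com":         # path-style (XML API)
        return ("gcp", first) if first else None
    if host.endswith(".storage.googleapis.com"):
        return ("gcp", host[:-len(".storage.googleapis.com")])
    return None


def decide(tx, resource_list=RESOURCE_LIST, org_accounts=ORG_ACCOUNTS):
    """Return 'block' when tx moves a listed resource outside the org (assumed tx shape)."""
    leaves_org = tx["target_account"] not in org_accounts
    listed = resource_from_url(tx["url"]) in resource_list
    return "block" if leaves_org and listed else "allow"
```

Normalizing before the lookup matters because the same bucket is reachable through both virtual-hosted and path-style URLs; a comparison on the raw host or path would miss one of them.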

Patent Claims
7 claims

2. The computer-implemented method of claim 1, wherein the resources are Amazon Web Services (AWS) buckets, Microsoft Azure blobs, Google Cloud Platform (GCP) buckets, and Alibaba Cloud buckets.

3. The computer-implemented method of claim 1, wherein the resource list is maintained in cloud-based metadata stores.

4. The computer-implemented method of claim 1, further including using endpoint policy enforcers running on the endpoints to perform the intercepting, the comparing, the finding and classifying, and the blocking.

5. The computer-implemented method of claim 4, wherein the resource list is maintained in local metadata stores at the endpoints.

7. The computer-implemented method of claim 1, wherein the resource list is generated by an introspector that scans the organization's accounts on the cloud storage services and detects that the resources are configured to store the organization's data.

9. The non-transitory computer readable storage medium of claim 8, wherein the resources are Amazon Web Services (AWS) buckets, Microsoft Azure blobs, Google Cloud Platform (GCP) buckets, and Alibaba Cloud buckets.

11. The system of claim 10, wherein the resources are Amazon Web Services (AWS) buckets, Microsoft Azure blobs, Google Cloud Platform (GCP) buckets, and Alibaba Cloud buckets.

Patent Metadata

Filing Date: May 13, 2019

Publication Date: August 2, 2022

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Metadata-based data loss prevention (DLP) for cloud resources” (US-11405423). https://patentable.app/patents/US-11405423